Move into functions.
Reset probation time and recalculate checks if a mode change is demanded to give the operator ability to regain control as soon as possible after nav performance is regained. (+11 squashed commits)
Squashed commits:
[a4bb800] commander: enable pilot to quickly recover from loss of position accuracy
[19e16a0] commander: rework postal probation time
[f96284e] commander: rework bad pos and vel test probation time
[00d5f0c] commander: Allow EKF preflight checks to pass with moving vehicle
Separates the 'is using GPS' and the GPS quality checks.
Uses a reasonable subset of the GPS quality checks which allows checks to pass if the vehicle is moving.
[4cdfb5c] commander: remove unused variable
[349385a] commander: add EKF GPS quality checks to pre-arm checking
Only perform check if GPs checking is activated by parameter setting.
Display fault messages that makes it clear if EKF quality checks are failing or the EKF is not using GPS for another reason. We do not want to confuse this with GPS lock.
[340ae29] commander: make position invalid fail-safe more sticky
Require check to pass for 7 seconds before exiting failsafe. This is required because if GPs is failing innovation tests for a prolonged period, the EKF will periodically reset to the GPS and report good accuracy at the time of reset.
Adding this delay gives time for an underlying error condition (eg bad IMU or compass) to be re-detected.
[b04ac95] commander: Increase RAM allocation to eliminate low stack warnings
[9dca12f] commander: add missing position invalid fail-safe responses
[69f264d] commander: Update position invalid fail-safe responses
Replace separate logic for each case with a generic function
Add velocity checks.
[8e8cef1] commander: rework position validity checks
Consolidate existing checks for global and local position validity and add checking of velocity accuracy.
Enable checks to be bypassed using the CBRK_VELPOSERR parameter.
In HIL mode we do not start the sensors anymore, so this is not needed.
Also it did not work (I did not try to find the reason, just noticed the
sensors kept publishing in HIL mode)
On SITL startup we got a datalink lost failsafe message whenever home
was initialized. The reason that in standalone SITL, there is usually no
datalink connected. However, on ground, we shouldn't really failsafe,
therefore it makes sense not to enter the state in the first place.
This is necessary to not have systems deep-discharge the battery while sitting idle. While at it we also deny arming in low battery conditions to ensure people who just landed with a low battery do not take off again and fail to get a successful RTL.
Move RC and DL failsafe actions handling from navigator to commander (credits to @AndreasAntener)
Separate manual kill switch handling via manual_lockdown to prevent override and release of software lockdown by RC switch
Other changes:
Add failsafe tune
Fix LED blinking for Pixracer
Return back support for rc inputs in simulator but now it is configurable via cmake
(leads to double publishing on the console when a new link is established, but this is the best compromise between fixing and completely restructuring)
If the failsafe state is ended when landed, we would switch back to
POSCTL and therefore take off again, however, all we want is stay on
ground and wait for the auto disarm.
The param COM_ARM_WO_GPS is set to 1 by default to allow arming without
GPS. This then sets a bool arm_without_gps which translates to
!GNSS_check in preflightCheck.
The param NAV_RCL_ACT was not implemented as described. Also, it has the
completely the wrong name. It should be a COM param and not NAV.
Therefore, remove the param and delete the partly implemented
and probably never used functionality.
Always use the DESCEND mode and not LANDGPSFAIL because LANDGPSFAIL will
try to loiter for some time and then request termination instead of
descending gently and trying to land.
